How is it possible to locate the origin of email sent to somebody?

Email tracing is probably the most common duty of cyber crime investigators. An email consists of two parts: the header and the body. The header can be used to provide information on the source of the e-mail. A message normally moves from the sender's machine to his/her mail server, then to the addressee's mail server. Each time a mail moves to a new server, a new 'received' header gets added to the beginning of the header block. Scanning the 'received' header lines carefully, one can generate the exact mail trajectory and gain other valuable insights. One important source of information is the IP address (Internet Protocol address), four digits separated by dots, which is attached to the header by some mailers such as Yahoo. Every computer on the Internet has an address and hence the IP address can be used to identify each computer uniquely on the net. There is another process called logging. Logging is a record of each email message that passes through a computer network; however, many small service providers do not turn on the logging function due to inadequate staff and the like. It is necessary to note that it is possible to forge the information in the header. If the user receives an email that appears to have been sent from one source while it was actually sent from another, the email is said to be spoofed. Thus the investigators, with the help of many other sleuthing tools, track down the suspect.


When you send an email, the server you are connected to records your IP address. Most servers include this IP address in the email. Whatever mail client you are using, you will be able to see from which IP address it has originated by viewing the original source of the e-mail. You can know who owns an IP address by using the WHOIS service on If you cannot use that, use You have to enter the IP address of the sender and click on 'Search'. You will get the details of the owner (ISP) of the IP address. Once you get the ISP of your sender, you have to contact the ISP. The ISP will have a log of who had which IP address. You can know the details of the sender from his/her ISP. I think you will not get the customer details from the ISP without valid reasons. The sender can choose not to reveal his/her IP. He can also mask his IP address. What I have mentioned is an ideal case.
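
The header walk described in both answers above, as an added example that is not part of the original answers: it reads the 'received' lines of a raw message oldest-first, lists the addresses each hop recorded, and checks whether neighbouring hops agree. The sample message, its host names and its addresses are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message: documentation hosts and addresses, not real mail.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id C3; Tue, 02 Jan 2024 10:00:05 +0000
Received: from smtp.sender.example (smtp.sender.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id B2; Tue, 02 Jan 2024 10:00:03 +0000
Received: from [192.168.1.20] (unknown [192.0.2.44])
\tby smtp.sender.example with ESMTPSA id A1; Tue, 02 Jan 2024 10:00:01 +0000
From: alice@sender.example
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(?P<frm>\S+).*?\bby\s+(?P<by>\S+)", re.S)
BRACKET_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def trace_hops(raw):
    """Return hops oldest-first; each server prepends its line, so reverse them."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        ips = []
        for text in BRACKET_IP.findall(value):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                continue  # bracketed token that is not an IP address
        hops.append({"from": m.group("frm") if m else None,
                     "by": m.group("by") if m else None, "ips": ips})
    return hops

def claimed_origin_ip(hops):
    """Earliest non-internal address; only a claim, since old lines can be forged."""
    for hop in hops:
        for ip in hop["ips"]:
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

def chain_breaks(hops):
    """Pairs where a hop's 'by' host differs from the next hop's 'from' host."""
    return [(a["by"], b["from"]) for a, b in zip(hops, hops[1:])
            if a["by"] != b["from"]]
```

A chain break is a lead to check against server logs, not proof of forgery, because legitimate relays often announce a name that differs from the one the previous hop recorded.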